1.1 Flashcards
Social Engineering
Phishing
Phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to trick users into downloading malware, sharing sensitive information or personal data.
Smishing
Smishing is a type of phishing attack that involves the use of text messages (SMS or MMS) to deceive individuals into providing sensitive information or taking certain actions. The term “smishing” is a combination of “SMS” (Short Message Service) and “phishing.”
Vishing
Vishing, short for “voice phishing,” is a type of social engineering attack in which an attacker uses phone calls to trick individuals into providing sensitive information or taking certain actions. Vishing is similar to phishing but involves voice communication instead of electronic messages.
Spam
Spam refers to unwanted or unsolicited messages, commonly seen in the form of mass-distributed emails, online forum posts, or instant messages. Whether for advertising, phishing, or other malicious purposes, spam is characterized by its unsolicited nature and the intent to reach a broad audience.
SPIM
“Spim” is a term used to describe unsolicited instant messages, similar to email spam but occurring in the context of instant messaging (IM) platforms. Just as email spam involves the mass distribution of unwanted emails, spim involves the sending of unwanted messages through instant messaging systems.
Spear Phishing
“Spear phishing” is a type of phishing campaign that targets a specific person or group and will often include information known to be of interest to the target, such as current events or financial documents.
Dumpster Diving
Dumpster diving is a cyberattack where the attacker gets their hands on sensitive documents or data you carelessly threw into the trash bin. Yes, it sounds funny, but the potential damage is real.
Shoulder Surfing
Shoulder surfing is a type of security threat in which an unauthorized person observes or spies on the activities of individuals, such as entering passwords, PINs, or other confidential information, by looking over their shoulders or from a distance.
Pharming
Pharming is a cyber attack that involves the redirection of website traffic to fraudulent websites without the user’s knowledge. In a pharming attack, the attacker typically exploits vulnerabilities in the Domain Name System (DNS) or uses other methods to manipulate the resolution of domain names.
Tailgating
In a tailgating attack, an attacker follows an unaware user to gain access to an area without authorization.
Eliciting Information
Eliciting information refers to the process of extracting sensitive or confidential data from individuals through various means, often with the goal of exploiting that information for malicious purposes. This can involve social engineering techniques.
Whaling
“Whaling” is a type of cyber attack that specifically targets high-profile individuals within an organization, such as executives, top-level management, or individuals with access to sensitive information.
Prepending
“Prepending” in the context of cybersecurity typically refers to a technique where additional characters or data are added to the beginning of a string or file. In the broader sense of “cyber,” “prepending” could be used in various cybersecurity concepts.
Identity Fraud
Identity fraud is a type of crime where an individual’s personal information is stolen and used for fraudulent purposes. This stolen information may include the person’s name, Social Security number, credit card details, or other sensitive data.
Invoice Scam
An invoice scam is a type of fraud where scammers send fake invoices or bills to individuals or businesses with the intention of deceiving them into making payments for goods or services that were never received or were never legitimately contracted.